<?
require_once "include/bittorrent.php";
dbconn();
loggedinorreturn();

if (get_user_class() < UC_ADMINISTRATOR)
	error("Access denied.");
	
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
	if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
		error("Missing form data.");
	if ($_POST["password"] != $_POST["password2"])
		error("Password mismatch.");
	if (!validemail($_POST['email']))
		error("Invalid email");
	
	$username = sqlesc($_POST["username"]);
	$password = $_POST["password"];
	$email = sqlesc($_POST["email"]);
	$secret = mksecret();
	$passhash = sqlesc(md5($secret . $password . $secret));
	$secret = sqlesc($secret);

$a = (@mysql_fetch_row(@query("select count(*) from users where username=$username"))) or die(mysql_error());
if ($a[0] != 0)
  error("The user name $username is already in use.");

$a = (@mysql_fetch_row(@query("select count(*) from users where email=$email"))) or die(mysql_error());
if ($a[0] != 0)
  error("The e-mail address $email is already in use.");

	query("INSERT INTO users (added, last_access, secret, username, passhash, status, email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', $email)") or sqlerr(__FILE__, __LINE__);
  alert("Success!","The user has been added.");
}
stdhead("Add user");
?>
<h1>Add user</h1>
<br />
<form method=post action=adduser.php>
<table id="torrenttable" border=1 cellspacing=0 cellpadding=5>
<tr><td>User name</td><td><input type=text name=username size=40></td></tr>
<tr><td>Password</td><td><input type=password name=password size=40></td></tr>
<tr><td>Re-type password</td><td><input type=password name=password2 size=40></td></tr>
<tr><td>E-mail</td><td><input type=text name=email size=40></td></tr>
<tr><td colspan=2 align=center><input type=submit value="Okay"></td></tr>
</table>
</form>
<? stdfoot(); ?>